[mirror_ubuntu-bionic-kernel.git] / net / tls / tls_sw.c

/*
 * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
 * Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
 * Copyright (c) 2016-2017, Lance Chao <lancerchao@fb.com>. All rights reserved.
 * Copyright (c) 2016, Fridolin Pokorny <fridolin.pokorny@gmail.com>. All rights reserved.
 * Copyright (c) 2016, Nikos Mavrogiannopoulos <nmav@gnutls.org>. All rights reserved.
 *
 * This software is available to you under a choice of one of two
 * licenses.  You may choose to be licensed under the terms of the GNU
 * General Public License (GPL) Version 2, available from the file
 * COPYING in the main directory of this source tree, or the
 * OpenIB.org BSD license below:
 *
 *     Redistribution and use in source and binary forms, with or
 *     without modification, are permitted provided that the following
 *     conditions are met:
 *
 *      - Redistributions of source code must retain the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer.
 *
 *      - Redistributions in binary form must reproduce the above
 *        copyright notice, this list of conditions and the following
 *        disclaimer in the documentation and/or other materials
 *        provided with the distribution.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <linux/module.h>
#include <crypto/aead.h>

#include <net/tls.h>

static void trim_sg(struct sock *sk, struct scatterlist *sg,
		    int *sg_num_elem, unsigned int *sg_size, int target_size)
{
	int i = *sg_num_elem - 1;
	int trim = *sg_size - target_size;

	if (trim <= 0) {
		WARN_ON(trim < 0);
		return;
	}

	*sg_size = target_size;
	while (trim >= sg[i].length) {
		trim -= sg[i].length;
		sk_mem_uncharge(sk, sg[i].length);
		put_page(sg_page(&sg[i]));
		i--;

		if (i < 0)
			goto out;
	}

	sg[i].length -= trim;
	sk_mem_uncharge(sk, trim);

out:
	*sg_num_elem = i + 1;
}

static void trim_both_sgl(struct sock *sk, int target_size)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);

	trim_sg(sk, ctx->sg_plaintext_data,
		&ctx->sg_plaintext_num_elem,
		&ctx->sg_plaintext_size,
		target_size);

	if (target_size > 0)
		target_size += tls_ctx->overhead_size;

	trim_sg(sk, ctx->sg_encrypted_data,
		&ctx->sg_encrypted_num_elem,
		&ctx->sg_encrypted_size,
		target_size);
}

static int alloc_sg(struct sock *sk, int len, struct scatterlist *sg,
		    int *sg_num_elem, unsigned int *sg_size,
		    int first_coalesce)
{
	struct page_frag *pfrag;
	unsigned int size = *sg_size;
	int num_elem = *sg_num_elem, use = 0, rc = 0;
	struct scatterlist *sge;
	unsigned int orig_offset;

	len -= size;
	pfrag = sk_page_frag(sk);

	while (len > 0) {
		if (!sk_page_frag_refill(sk, pfrag)) {
			rc = -ENOMEM;
			goto out;
		}

		use = min_t(int, len, pfrag->size - pfrag->offset);

		if (!sk_wmem_schedule(sk, use)) {
			rc = -ENOMEM;
			goto out;
		}

		sk_mem_charge(sk, use);
		size += use;
		orig_offset = pfrag->offset;
		pfrag->offset += use;

		sge = sg + num_elem - 1;

		if (num_elem > first_coalesce && sg_page(sge) == pfrag->page &&
		    sge->offset + sge->length == orig_offset) {
			sge->length += use;
		} else {
			sge++;
			sg_unmark_end(sge);
			sg_set_page(sge, pfrag->page, use, orig_offset);
			get_page(pfrag->page);
			++num_elem;
			if (num_elem == MAX_SKB_FRAGS) {
				rc = -ENOSPC;
				break;
			}
		}

		len -= use;
	}
	goto out;

out:
	*sg_size = size;
	*sg_num_elem = num_elem;
	return rc;
}

static int alloc_encrypted_sg(struct sock *sk, int len)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	int rc = 0;

	rc = alloc_sg(sk, len, ctx->sg_encrypted_data,
		      &ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, 0);

	return rc;
}

static int alloc_plaintext_sg(struct sock *sk, int len)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	int rc = 0;

	rc = alloc_sg(sk, len, ctx->sg_plaintext_data,
		      &ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
		      tls_ctx->pending_open_record_frags);

	return rc;
}

static void free_sg(struct sock *sk, struct scatterlist *sg,
		    int *sg_num_elem, unsigned int *sg_size)
{
	int i, n = *sg_num_elem;

	for (i = 0; i < n; ++i) {
		sk_mem_uncharge(sk, sg[i].length);
		put_page(sg_page(&sg[i]));
	}
	*sg_num_elem = 0;
	*sg_size = 0;
}

static void tls_free_both_sg(struct sock *sk)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);

	free_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem,
		&ctx->sg_encrypted_size);

	free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
		&ctx->sg_plaintext_size);
}

static int tls_do_encryption(struct tls_context *tls_ctx,
			     struct tls_sw_context *ctx,
			     struct aead_request *aead_req,
			     size_t data_len)
{
	int rc;

	ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size;
	ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size;

	aead_request_set_tfm(aead_req, ctx->aead_send);
	aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
	aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
			       data_len, tls_ctx->iv);
	rc = crypto_aead_encrypt(aead_req);

	ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size;
	ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size;

	return rc;
}

static int tls_push_record(struct sock *sk, int flags,
			   unsigned char record_type)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	struct aead_request *req;
	int rc;

	req = kzalloc(sizeof(struct aead_request) +
		      crypto_aead_reqsize(ctx->aead_send), sk->sk_allocation);
	if (!req)
		return -ENOMEM;

	sg_mark_end(ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem - 1);
	sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1);

	tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size,
		     tls_ctx->rec_seq, tls_ctx->rec_seq_size,
		     record_type);

	tls_fill_prepend(tls_ctx,
			 page_address(sg_page(&ctx->sg_encrypted_data[0])) +
			 ctx->sg_encrypted_data[0].offset,
			 ctx->sg_plaintext_size, record_type);

	tls_ctx->pending_open_record_frags = 0;
	set_bit(TLS_PENDING_CLOSED_RECORD, &tls_ctx->flags);

	rc = tls_do_encryption(tls_ctx, ctx, req, ctx->sg_plaintext_size);
	if (rc < 0) {
		/* If we are called from write_space and
		 * we fail, we need to set this SOCK_NOSPACE
		 * to trigger another write_space in the future.
		 */
		set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
		goto out_req;
	}

	free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
		&ctx->sg_plaintext_size);

	ctx->sg_encrypted_num_elem = 0;
	ctx->sg_encrypted_size = 0;

	/* Only pass through MSG_DONTWAIT and MSG_NOSIGNAL flags */
	rc = tls_push_sg(sk, tls_ctx, ctx->sg_encrypted_data, 0, flags);
	if (rc < 0 && rc != -EAGAIN)
		tls_err_abort(sk);

	tls_advance_record_sn(sk, tls_ctx);
out_req:
	kfree(req);
	return rc;
}

static int tls_sw_push_pending_record(struct sock *sk, int flags)
{
	return tls_push_record(sk, flags, TLS_RECORD_TYPE_DATA);
}

static int zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
			      int length)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	struct page *pages[MAX_SKB_FRAGS];

	size_t offset;
	ssize_t copied, use;
	int i = 0;
	unsigned int size = ctx->sg_plaintext_size;
	int num_elem = ctx->sg_plaintext_num_elem;
	int rc = 0;
	int maxpages;

	while (length > 0) {
		i = 0;
		maxpages = ARRAY_SIZE(ctx->sg_plaintext_data) - num_elem;
		if (maxpages == 0) {
			rc = -EFAULT;
			goto out;
		}
		copied = iov_iter_get_pages(from, pages,
					    length,
					    maxpages, &offset);
		if (copied <= 0) {
			rc = -EFAULT;
			goto out;
		}

		iov_iter_advance(from, copied);

		length -= copied;
		size += copied;
		while (copied) {
			use = min_t(int, copied, PAGE_SIZE - offset);

			sg_set_page(&ctx->sg_plaintext_data[num_elem],
				    pages[i], use, offset);
			sg_unmark_end(&ctx->sg_plaintext_data[num_elem]);
			sk_mem_charge(sk, use);

			offset = 0;
			copied -= use;

			++i;
			++num_elem;
		}
	}

out:
	ctx->sg_plaintext_size = size;
	ctx->sg_plaintext_num_elem = num_elem;
	return rc;
}

static int memcopy_from_iter(struct sock *sk, struct iov_iter *from,
			     int bytes)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	struct scatterlist *sg = ctx->sg_plaintext_data;
	int copy, i, rc = 0;

	for (i = tls_ctx->pending_open_record_frags;
	     i < ctx->sg_plaintext_num_elem; ++i) {
		copy = sg[i].length;
		if (copy_from_iter(
				page_address(sg_page(&sg[i])) + sg[i].offset,
				copy, from) != copy) {
			rc = -EFAULT;
			goto out;
		}
		bytes -= copy;

		++tls_ctx->pending_open_record_frags;

		if (!bytes)
			break;
	}

out:
	return rc;
}

int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	int ret = 0;
	int required_size;
	long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
	bool eor = !(msg->msg_flags & MSG_MORE);
	size_t try_to_copy, copied = 0;
	unsigned char record_type = TLS_RECORD_TYPE_DATA;
	int record_room;
	bool full_record;
	int orig_size;

	if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL))
		return -ENOTSUPP;

	lock_sock(sk);

	if (tls_complete_pending_work(sk, tls_ctx, msg->msg_flags, &timeo))
		goto send_end;

	if (unlikely(msg->msg_controllen)) {
		ret = tls_proccess_cmsg(sk, msg, &record_type);
		if (ret)
			goto send_end;
	}

	while (msg_data_left(msg)) {
		if (sk->sk_err) {
			ret = -sk->sk_err;
			goto send_end;
		}

		orig_size = ctx->sg_plaintext_size;
		full_record = false;
		try_to_copy = msg_data_left(msg);
		record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
		if (try_to_copy >= record_room) {
			try_to_copy = record_room;
			full_record = true;
		}

		required_size = ctx->sg_plaintext_size + try_to_copy +
				tls_ctx->overhead_size;

		if (!sk_stream_memory_free(sk))
			goto wait_for_sndbuf;
alloc_encrypted:
		ret = alloc_encrypted_sg(sk, required_size);
		if (ret) {
			if (ret != -ENOSPC)
				goto wait_for_memory;

			/* Adjust try_to_copy according to the amount that was
			 * actually allocated. The difference is due
			 * to max sg elements limit
			 */
			try_to_copy -= required_size - ctx->sg_encrypted_size;
			full_record = true;
		}

		if (full_record || eor) {
			ret = zerocopy_from_iter(sk, &msg->msg_iter,
						 try_to_copy);
			if (ret)
				goto fallback_to_reg_send;

			copied += try_to_copy;
			ret = tls_push_record(sk, msg->msg_flags, record_type);
			if (!ret)
				continue;
			if (ret < 0)
				goto send_end;

			copied -= try_to_copy;
fallback_to_reg_send:
			iov_iter_revert(&msg->msg_iter,
					ctx->sg_plaintext_size - orig_size);
			trim_sg(sk, ctx->sg_plaintext_data,
				&ctx->sg_plaintext_num_elem,
				&ctx->sg_plaintext_size,
				orig_size);
		}

		required_size = ctx->sg_plaintext_size + try_to_copy;
alloc_plaintext:
		ret = alloc_plaintext_sg(sk, required_size);
		if (ret) {
			if (ret != -ENOSPC)
				goto wait_for_memory;

			/* Adjust try_to_copy according to the amount that was
			 * actually allocated. The difference is due
			 * to max sg elements limit
			 */
			try_to_copy -= required_size - ctx->sg_plaintext_size;
			full_record = true;

			trim_sg(sk, ctx->sg_encrypted_data,
				&ctx->sg_encrypted_num_elem,
				&ctx->sg_encrypted_size,
				ctx->sg_plaintext_size +
				tls_ctx->overhead_size);
		}

		ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy);
		if (ret)
			goto trim_sgl;

		copied += try_to_copy;
		if (full_record || eor) {
push_record:
			ret = tls_push_record(sk, msg->msg_flags, record_type);
			if (ret) {
				if (ret == -ENOMEM)
					goto wait_for_memory;

				goto send_end;
			}
		}

		continue;

wait_for_sndbuf:
		set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
wait_for_memory:
		ret = sk_stream_wait_memory(sk, &timeo);
		if (ret) {
trim_sgl:
			trim_both_sgl(sk, orig_size);
			goto send_end;
		}

		if (tls_is_pending_closed_record(tls_ctx))
			goto push_record;

		if (ctx->sg_encrypted_size < required_size)
			goto alloc_encrypted;

		goto alloc_plaintext;
	}

send_end:
	ret = sk_stream_error(sk, msg->msg_flags, ret);

	release_sock(sk);
	return copied ? copied : ret;
}

int tls_sw_sendpage(struct sock *sk, struct page *page,
		    int offset, size_t size, int flags)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	int ret = 0;
	long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
	bool eor;
	size_t orig_size = size;
	unsigned char record_type = TLS_RECORD_TYPE_DATA;
	struct scatterlist *sg;
	bool full_record;
	int record_room;

	if (flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
		      MSG_SENDPAGE_NOTLAST))
		return -ENOTSUPP;

	/* No MSG_EOR from splice, only look at MSG_MORE */
	eor = !(flags & (MSG_MORE | MSG_SENDPAGE_NOTLAST));

	lock_sock(sk);

	sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);

	if (tls_complete_pending_work(sk, tls_ctx, flags, &timeo))
		goto sendpage_end;

	/* Call the sk_stream functions to manage the sndbuf mem. */
	while (size > 0) {
		size_t copy, required_size;

		if (sk->sk_err) {
			ret = -sk->sk_err;
			goto sendpage_end;
		}

		full_record = false;
		record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
		copy = size;
		if (copy >= record_room) {
			copy = record_room;
			full_record = true;
		}
		required_size = ctx->sg_plaintext_size + copy +
			      tls_ctx->overhead_size;

		if (!sk_stream_memory_free(sk))
			goto wait_for_sndbuf;
alloc_payload:
		ret = alloc_encrypted_sg(sk, required_size);
		if (ret) {
			if (ret != -ENOSPC)
				goto wait_for_memory;

			/* Adjust copy according to the amount that was
			 * actually allocated. The difference is due
			 * to max sg elements limit
			 */
			copy -= required_size - ctx->sg_plaintext_size;
			full_record = true;
		}

		get_page(page);
		sg = ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem;
		sg_set_page(sg, page, copy, offset);
		sg_unmark_end(sg);

		ctx->sg_plaintext_num_elem++;

		sk_mem_charge(sk, copy);
		offset += copy;
		size -= copy;
		ctx->sg_plaintext_size += copy;
		tls_ctx->pending_open_record_frags = ctx->sg_plaintext_num_elem;

		if (full_record || eor ||
		    ctx->sg_plaintext_num_elem ==
		    ARRAY_SIZE(ctx->sg_plaintext_data)) {
push_record:
			ret = tls_push_record(sk, flags, record_type);
			if (ret) {
				if (ret == -ENOMEM)
					goto wait_for_memory;

				goto sendpage_end;
			}
		}
		continue;
wait_for_sndbuf:
		set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
wait_for_memory:
		ret = sk_stream_wait_memory(sk, &timeo);
		if (ret) {
			trim_both_sgl(sk, ctx->sg_plaintext_size);
			goto sendpage_end;
		}

		if (tls_is_pending_closed_record(tls_ctx))
			goto push_record;

		goto alloc_payload;
	}

sendpage_end:
	if (orig_size > size)
		ret = orig_size - size;
	else
		ret = sk_stream_error(sk, flags, ret);

	release_sock(sk);
	return ret;
}

void tls_sw_free_tx_resources(struct sock *sk)
{
	struct tls_context *tls_ctx = tls_get_ctx(sk);
	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);

	if (ctx->aead_send)
		crypto_free_aead(ctx->aead_send);

	tls_free_both_sg(sk);

	kfree(ctx);
	kfree(tls_ctx);
}

int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
{
	char keyval[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
	struct tls_crypto_info *crypto_info;
	struct tls12_crypto_info_aes_gcm_128 *gcm_128_info;
	struct tls_sw_context *sw_ctx;
	u16 nonce_size, tag_size, iv_size, rec_seq_size;
	char *iv, *rec_seq;
	int rc = 0;

	if (!ctx) {
		rc = -EINVAL;
		goto out;
	}

	if (ctx->priv_ctx) {
		rc = -EEXIST;
		goto out;
	}

	sw_ctx = kzalloc(sizeof(*sw_ctx), GFP_KERNEL);
	if (!sw_ctx) {
		rc = -ENOMEM;
		goto out;
	}

	ctx->priv_ctx = (struct tls_offload_context *)sw_ctx;

	crypto_info = &ctx->crypto_send;
	switch (crypto_info->cipher_type) {
	case TLS_CIPHER_AES_GCM_128: {
		nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
		tag_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE;
		iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
		iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
		rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
		rec_seq =
		 ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
		gcm_128_info =
			(struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
		break;
	}
	default:
		rc = -EINVAL;
		goto free_priv;
	}

	ctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
	ctx->tag_size = tag_size;
	ctx->overhead_size = ctx->prepend_size + ctx->tag_size;
	ctx->iv_size = iv_size;
	ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL);
	if (!ctx->iv) {
		rc = -ENOMEM;
		goto free_priv;
	}
	memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
	memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
	ctx->rec_seq_size = rec_seq_size;
	ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL);
	if (!ctx->rec_seq) {
		rc = -ENOMEM;
		goto free_iv;
	}
	memcpy(ctx->rec_seq, rec_seq, rec_seq_size);

	sg_init_table(sw_ctx->sg_encrypted_data,
		      ARRAY_SIZE(sw_ctx->sg_encrypted_data));
	sg_init_table(sw_ctx->sg_plaintext_data,
		      ARRAY_SIZE(sw_ctx->sg_plaintext_data));

	sg_init_table(sw_ctx->sg_aead_in, 2);
	sg_set_buf(&sw_ctx->sg_aead_in[0], sw_ctx->aad_space,
		   sizeof(sw_ctx->aad_space));
	sg_unmark_end(&sw_ctx->sg_aead_in[1]);
	sg_chain(sw_ctx->sg_aead_in, 2, sw_ctx->sg_plaintext_data);
	sg_init_table(sw_ctx->sg_aead_out, 2);
	sg_set_buf(&sw_ctx->sg_aead_out[0], sw_ctx->aad_space,
		   sizeof(sw_ctx->aad_space));
	sg_unmark_end(&sw_ctx->sg_aead_out[1]);
	sg_chain(sw_ctx->sg_aead_out, 2, sw_ctx->sg_encrypted_data);

	if (!sw_ctx->aead_send) {
		sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0);
		if (IS_ERR(sw_ctx->aead_send)) {
			rc = PTR_ERR(sw_ctx->aead_send);
			sw_ctx->aead_send = NULL;
			goto free_rec_seq;
		}
	}

	ctx->push_pending_record = tls_sw_push_pending_record;

	memcpy(keyval, gcm_128_info->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);

	rc = crypto_aead_setkey(sw_ctx->aead_send, keyval,
				TLS_CIPHER_AES_GCM_128_KEY_SIZE);
	if (rc)
		goto free_aead;

	rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size);
	if (!rc)
		return 0;

free_aead:
	crypto_free_aead(sw_ctx->aead_send);
	sw_ctx->aead_send = NULL;
free_rec_seq:
	kfree(ctx->rec_seq);
	ctx->rec_seq = NULL;
free_iv:
	kfree(ctx->iv);
	ctx->iv = NULL;
free_priv:
	kfree(ctx->priv_ctx);
	ctx->priv_ctx = NULL;
out:
	return rc;
}
Commit	Line	Data
3c4d7559 DW	1	/*
	2	* Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
	3	* Copyright (c) 2016-2017, Dave Watson <davejwatson@fb.com>. All rights reserved.
	4	* Copyright (c) 2016-2017, Lance Chao <lancerchao@fb.com>. All rights reserved.
	5	* Copyright (c) 2016, Fridolin Pokorny <fridolin.pokorny@gmail.com>. All rights reserved.
	6	* Copyright (c) 2016, Nikos Mavrogiannopoulos <nmav@gnutls.org>. All rights reserved.
	7	*
	8	* This software is available to you under a choice of one of two
	9	* licenses. You may choose to be licensed under the terms of the GNU
	10	* General Public License (GPL) Version 2, available from the file
	11	* COPYING in the main directory of this source tree, or the
	12	* OpenIB.org BSD license below:
	13	*
	14	* Redistribution and use in source and binary forms, with or
	15	* without modification, are permitted provided that the following
	16	* conditions are met:
	17	*
	18	* - Redistributions of source code must retain the above
	19	* copyright notice, this list of conditions and the following
	20	* disclaimer.
	21	*
	22	* - Redistributions in binary form must reproduce the above
	23	* copyright notice, this list of conditions and the following
	24	* disclaimer in the documentation and/or other materials
	25	* provided with the distribution.
	26	*
	27	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	28	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	29	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	30	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
	31	* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
	32	* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
	33	* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
	34	* SOFTWARE.
	35	*/
	36
	37	#include <linux/module.h>
	38	#include <crypto/aead.h>
	39
	40	#include <net/tls.h>
	41
3c4d7559 DW	42	static void trim_sg(struct sock sk, struct scatterlist sg,
	43	int sg_num_elem, unsigned int sg_size, int target_size)
	44	{
	45	int i = *sg_num_elem - 1;
	46	int trim = *sg_size - target_size;
	47
	48	if (trim <= 0) {
	49	WARN_ON(trim < 0);
	50	return;
	51	}
	52
	53	*sg_size = target_size;
	54	while (trim >= sg[i].length) {
	55	trim -= sg[i].length;
	56	sk_mem_uncharge(sk, sg[i].length);
	57	put_page(sg_page(&sg[i]));
	58	i--;
	59
	60	if (i < 0)
	61	goto out;
	62	}
	63
	64	sg[i].length -= trim;
	65	sk_mem_uncharge(sk, trim);
	66
	67	out:
	68	*sg_num_elem = i + 1;
	69	}
	70
	71	static void trim_both_sgl(struct sock *sk, int target_size)
	72	{
	73	struct tls_context *tls_ctx = tls_get_ctx(sk);
	74	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	75
	76	trim_sg(sk, ctx->sg_plaintext_data,
	77	&ctx->sg_plaintext_num_elem,
	78	&ctx->sg_plaintext_size,
	79	target_size);
	80
	81	if (target_size > 0)
	82	target_size += tls_ctx->overhead_size;
	83
	84	trim_sg(sk, ctx->sg_encrypted_data,
	85	&ctx->sg_encrypted_num_elem,
	86	&ctx->sg_encrypted_size,
	87	target_size);
	88	}
	89
	90	static int alloc_sg(struct sock sk, int len, struct scatterlist sg,
	91	int sg_num_elem, unsigned int sg_size,
	92	int first_coalesce)
	93	{
	94	struct page_frag *pfrag;
	95	unsigned int size = *sg_size;
	96	int num_elem = *sg_num_elem, use = 0, rc = 0;
	97	struct scatterlist *sge;
	98	unsigned int orig_offset;
	99
	100	len -= size;
	101	pfrag = sk_page_frag(sk);
	102
	103	while (len > 0) {
	104	if (!sk_page_frag_refill(sk, pfrag)) {
	105	rc = -ENOMEM;
106	goto out;
107	}
108
109	use = min_t(int, len, pfrag->size - pfrag->offset);
110
111	if (!sk_wmem_schedule(sk, use)) {
112	rc = -ENOMEM;
113	goto out;
114	}
115
116	sk_mem_charge(sk, use);
117	size += use;
118	orig_offset = pfrag->offset;
119	pfrag->offset += use;
120
121	sge = sg + num_elem - 1;
e03ad33a DB	122
	123	if (num_elem > first_coalesce && sg_page(sge) == pfrag->page &&
	124	sge->offset + sge->length == orig_offset) {
	125	sge->length += use;
3c4d7559 DW	126	} else {
	127	sge++;
	128	sg_unmark_end(sge);
	129	sg_set_page(sge, pfrag->page, use, orig_offset);
	130	get_page(pfrag->page);
	131	++num_elem;
	132	if (num_elem == MAX_SKB_FRAGS) {
	133	rc = -ENOSPC;
	134	break;
	135	}
	136	}
	137
	138	len -= use;
	139	}
	140	goto out;
	141
	142	out:
	143	*sg_size = size;
	144	*sg_num_elem = num_elem;
	145	return rc;
	146	}
	147
	148	static int alloc_encrypted_sg(struct sock *sk, int len)
	149	{
	150	struct tls_context *tls_ctx = tls_get_ctx(sk);
	151	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	152	int rc = 0;
	153
	154	rc = alloc_sg(sk, len, ctx->sg_encrypted_data,
	155	&ctx->sg_encrypted_num_elem, &ctx->sg_encrypted_size, 0);
	156
	157	return rc;
	158	}
	159
	160	static int alloc_plaintext_sg(struct sock *sk, int len)
	161	{
	162	struct tls_context *tls_ctx = tls_get_ctx(sk);
	163	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	164	int rc = 0;
	165
	166	rc = alloc_sg(sk, len, ctx->sg_plaintext_data,
	167	&ctx->sg_plaintext_num_elem, &ctx->sg_plaintext_size,
	168	tls_ctx->pending_open_record_frags);
	169
	170	return rc;
	171	}
	172
	173	static void free_sg(struct sock sk, struct scatterlist sg,
	174	int sg_num_elem, unsigned int sg_size)
	175	{
	176	int i, n = *sg_num_elem;
	177
	178	for (i = 0; i < n; ++i) {
	179	sk_mem_uncharge(sk, sg[i].length);
	180	put_page(sg_page(&sg[i]));
	181	}
	182	*sg_num_elem = 0;
	183	*sg_size = 0;
	184	}
	185
	186	static void tls_free_both_sg(struct sock *sk)
	187	{
	188	struct tls_context *tls_ctx = tls_get_ctx(sk);
	189	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
190
191	free_sg(sk, ctx->sg_encrypted_data, &ctx->sg_encrypted_num_elem,
192	&ctx->sg_encrypted_size);
193
194	free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
195	&ctx->sg_plaintext_size);
196	}
197
198	static int tls_do_encryption(struct tls_context *tls_ctx,
1677b200 DB	199	struct tls_sw_context *ctx,
	200	struct aead_request *aead_req,
	201	size_t data_len)
3c4d7559	202	{
3c4d7559 DW	203	int rc;
3c4d7559 DW	204
3c4d7559 DW	205	ctx->sg_encrypted_data[0].offset += tls_ctx->prepend_size;
	206	ctx->sg_encrypted_data[0].length -= tls_ctx->prepend_size;
	207
	208	aead_request_set_tfm(aead_req, ctx->aead_send);
	209	aead_request_set_ad(aead_req, TLS_AAD_SPACE_SIZE);
	210	aead_request_set_crypt(aead_req, ctx->sg_aead_in, ctx->sg_aead_out,
	211	data_len, tls_ctx->iv);
	212	rc = crypto_aead_encrypt(aead_req);
	213
	214	ctx->sg_encrypted_data[0].offset -= tls_ctx->prepend_size;
	215	ctx->sg_encrypted_data[0].length += tls_ctx->prepend_size;
	216
3c4d7559 DW	217	return rc;
	218	}
	219
	220	static int tls_push_record(struct sock *sk, int flags,
	221	unsigned char record_type)
	222	{
	223	struct tls_context *tls_ctx = tls_get_ctx(sk);
	224	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
1677b200	225	struct aead_request *req;
3c4d7559 DW	226	int rc;
3c4d7559 DW	227
1677b200 DB	228	req = kzalloc(sizeof(struct aead_request) +
	229	crypto_aead_reqsize(ctx->aead_send), sk->sk_allocation);
	230	if (!req)
	231	return -ENOMEM;
	232
3c4d7559 DW	233	sg_mark_end(ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem - 1);
	234	sg_mark_end(ctx->sg_encrypted_data + ctx->sg_encrypted_num_elem - 1);
	235
213ef6e7	236	tls_make_aad(ctx->aad_space, ctx->sg_plaintext_size,
3c4d7559 DW	237	tls_ctx->rec_seq, tls_ctx->rec_seq_size,
	238	record_type);
	239
	240	tls_fill_prepend(tls_ctx,
	241	page_address(sg_page(&ctx->sg_encrypted_data[0])) +
	242	ctx->sg_encrypted_data[0].offset,
	243	ctx->sg_plaintext_size, record_type);
	244
	245	tls_ctx->pending_open_record_frags = 0;
	246	set_bit(TLS_PENDING_CLOSED_RECORD, &tls_ctx->flags);
	247
1677b200	248	rc = tls_do_encryption(tls_ctx, ctx, req, ctx->sg_plaintext_size);
3c4d7559 DW	249	if (rc < 0) {
	250	/* If we are called from write_space and
	251	* we fail, we need to set this SOCK_NOSPACE
	252	* to trigger another write_space in the future.
	253	*/
	254	set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1677b200	255	goto out_req;
3c4d7559 DW	256	}
	257
	258	free_sg(sk, ctx->sg_plaintext_data, &ctx->sg_plaintext_num_elem,
	259	&ctx->sg_plaintext_size);
	260
	261	ctx->sg_encrypted_num_elem = 0;
	262	ctx->sg_encrypted_size = 0;
	263
	264	/* Only pass through MSG_DONTWAIT and MSG_NOSIGNAL flags */
	265	rc = tls_push_sg(sk, tls_ctx, ctx->sg_encrypted_data, 0, flags);
	266	if (rc < 0 && rc != -EAGAIN)
	267	tls_err_abort(sk);
	268
	269	tls_advance_record_sn(sk, tls_ctx);
1677b200 DB	270	out_req:
1677b200 DB	271	kfree(req);
3c4d7559 DW	272	return rc;
	273	}
	274
	275	static int tls_sw_push_pending_record(struct sock *sk, int flags)
	276	{
	277	return tls_push_record(sk, flags, TLS_RECORD_TYPE_DATA);
	278	}
	279
	280	static int zerocopy_from_iter(struct sock sk, struct iov_iter from,
	281	int length)
	282	{
	283	struct tls_context *tls_ctx = tls_get_ctx(sk);
	284	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	285	struct page *pages[MAX_SKB_FRAGS];
	286
	287	size_t offset;
	288	ssize_t copied, use;
	289	int i = 0;
	290	unsigned int size = ctx->sg_plaintext_size;
	291	int num_elem = ctx->sg_plaintext_num_elem;
	292	int rc = 0;
	293	int maxpages;
	294
	295	while (length > 0) {
	296	i = 0;
	297	maxpages = ARRAY_SIZE(ctx->sg_plaintext_data) - num_elem;
	298	if (maxpages == 0) {
	299	rc = -EFAULT;
	300	goto out;
	301	}
	302	copied = iov_iter_get_pages(from, pages,
	303	length,
	304	maxpages, &offset);
	305	if (copied <= 0) {
	306	rc = -EFAULT;
	307	goto out;
	308	}
	309
	310	iov_iter_advance(from, copied);
	311
	312	length -= copied;
	313	size += copied;
	314	while (copied) {
	315	use = min_t(int, copied, PAGE_SIZE - offset);
	316
	317	sg_set_page(&ctx->sg_plaintext_data[num_elem],
	318	pages[i], use, offset);
	319	sg_unmark_end(&ctx->sg_plaintext_data[num_elem]);
	320	sk_mem_charge(sk, use);
	321
	322	offset = 0;
	323	copied -= use;
	324
	325	++i;
	326	++num_elem;
	327	}
	328	}
	329
	330	out:
	331	ctx->sg_plaintext_size = size;
	332	ctx->sg_plaintext_num_elem = num_elem;
	333	return rc;
	334	}
	335
336	static int memcopy_from_iter(struct sock sk, struct iov_iter from,
337	int bytes)
338	{
339	struct tls_context *tls_ctx = tls_get_ctx(sk);
340	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
341	struct scatterlist *sg = ctx->sg_plaintext_data;
342	int copy, i, rc = 0;
343
344	for (i = tls_ctx->pending_open_record_frags;
345	i < ctx->sg_plaintext_num_elem; ++i) {
346	copy = sg[i].length;
347	if (copy_from_iter(
348	page_address(sg_page(&sg[i])) + sg[i].offset,
349	copy, from) != copy) {
350	rc = -EFAULT;
351	goto out;
352	}
353	bytes -= copy;
354
355	++tls_ctx->pending_open_record_frags;
356
357	if (!bytes)
358	break;
359	}
360
361	out:
362	return rc;
363	}
364
365	int tls_sw_sendmsg(struct sock sk, struct msghdr msg, size_t size)
366	{
367	struct tls_context *tls_ctx = tls_get_ctx(sk);
368	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
369	int ret = 0;
370	int required_size;
371	long timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
372	bool eor = !(msg->msg_flags & MSG_MORE);
373	size_t try_to_copy, copied = 0;
374	unsigned char record_type = TLS_RECORD_TYPE_DATA;
375	int record_room;
376	bool full_record;
377	int orig_size;
378
379	if (msg->msg_flags & ~(MSG_MORE \| MSG_DONTWAIT \| MSG_NOSIGNAL))
380	return -ENOTSUPP;
381
382	lock_sock(sk);
383
384	if (tls_complete_pending_work(sk, tls_ctx, msg->msg_flags, &timeo))
385	goto send_end;
386
387	if (unlikely(msg->msg_controllen)) {
388	ret = tls_proccess_cmsg(sk, msg, &record_type);
389	if (ret)
390	goto send_end;
391	}
392
393	while (msg_data_left(msg)) {
394	if (sk->sk_err) {
30be8f8d	395	ret = -sk->sk_err;
3c4d7559 DW	396	goto send_end;
	397	}
	398
	399	orig_size = ctx->sg_plaintext_size;
	400	full_record = false;
	401	try_to_copy = msg_data_left(msg);
	402	record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
	403	if (try_to_copy >= record_room) {
	404	try_to_copy = record_room;
	405	full_record = true;
	406	}
	407
	408	required_size = ctx->sg_plaintext_size + try_to_copy +
	409	tls_ctx->overhead_size;
	410
	411	if (!sk_stream_memory_free(sk))
	412	goto wait_for_sndbuf;
	413	alloc_encrypted:
	414	ret = alloc_encrypted_sg(sk, required_size);
	415	if (ret) {
	416	if (ret != -ENOSPC)
	417	goto wait_for_memory;
	418
	419	/* Adjust try_to_copy according to the amount that was
	420	* actually allocated. The difference is due
	421	* to max sg elements limit
	422	*/
	423	try_to_copy -= required_size - ctx->sg_encrypted_size;
	424	full_record = true;
	425	}
	426
	427	if (full_record \|\| eor) {
	428	ret = zerocopy_from_iter(sk, &msg->msg_iter,
	429	try_to_copy);
	430	if (ret)
	431	goto fallback_to_reg_send;
	432
	433	copied += try_to_copy;
	434	ret = tls_push_record(sk, msg->msg_flags, record_type);
	435	if (!ret)
	436	continue;
ef5b20ef	437	if (ret < 0)
3c4d7559 DW	438	goto send_end;
	439
	440	copied -= try_to_copy;
	441	fallback_to_reg_send:
	442	iov_iter_revert(&msg->msg_iter,
	443	ctx->sg_plaintext_size - orig_size);
	444	trim_sg(sk, ctx->sg_plaintext_data,
	445	&ctx->sg_plaintext_num_elem,
	446	&ctx->sg_plaintext_size,
	447	orig_size);
	448	}
	449
	450	required_size = ctx->sg_plaintext_size + try_to_copy;
	451	alloc_plaintext:
	452	ret = alloc_plaintext_sg(sk, required_size);
	453	if (ret) {
	454	if (ret != -ENOSPC)
	455	goto wait_for_memory;
	456
	457	/* Adjust try_to_copy according to the amount that was
	458	* actually allocated. The difference is due
	459	* to max sg elements limit
	460	*/
	461	try_to_copy -= required_size - ctx->sg_plaintext_size;
	462	full_record = true;
	463
	464	trim_sg(sk, ctx->sg_encrypted_data,
	465	&ctx->sg_encrypted_num_elem,
	466	&ctx->sg_encrypted_size,
	467	ctx->sg_plaintext_size +
	468	tls_ctx->overhead_size);
	469	}
	470
	471	ret = memcopy_from_iter(sk, &msg->msg_iter, try_to_copy);
	472	if (ret)
	473	goto trim_sgl;
	474
	475	copied += try_to_copy;
	476	if (full_record \|\| eor) {
	477	push_record:
	478	ret = tls_push_record(sk, msg->msg_flags, record_type);
	479	if (ret) {
	480	if (ret == -ENOMEM)
	481	goto wait_for_memory;
	482
	483	goto send_end;
	484	}
	485	}
	486
	487	continue;
	488
	489	wait_for_sndbuf:
	490	set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
	491	wait_for_memory:
	492	ret = sk_stream_wait_memory(sk, &timeo);
	493	if (ret) {
	494	trim_sgl:
	495	trim_both_sgl(sk, orig_size);
	496	goto send_end;
	497	}
	498
	499	if (tls_is_pending_closed_record(tls_ctx))
	500	goto push_record;
	501
502	if (ctx->sg_encrypted_size < required_size)
503	goto alloc_encrypted;
504
505	goto alloc_plaintext;
506	}
507
508	send_end:
509	ret = sk_stream_error(sk, msg->msg_flags, ret);
510
511	release_sock(sk);
512	return copied ? copied : ret;
513	}
514
515	int tls_sw_sendpage(struct sock sk, struct page page,
516	int offset, size_t size, int flags)
517	{
518	struct tls_context *tls_ctx = tls_get_ctx(sk);
519	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
520	int ret = 0;
521	long timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT);
522	bool eor;
523	size_t orig_size = size;
524	unsigned char record_type = TLS_RECORD_TYPE_DATA;
525	struct scatterlist *sg;
526	bool full_record;
527	int record_room;
528
529	if (flags & ~(MSG_MORE \| MSG_DONTWAIT \| MSG_NOSIGNAL \|
530	MSG_SENDPAGE_NOTLAST))
531	return -ENOTSUPP;
532
533	/* No MSG_EOR from splice, only look at MSG_MORE */
534	eor = !(flags & (MSG_MORE \| MSG_SENDPAGE_NOTLAST));
535
536	lock_sock(sk);
537
538	sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
539
540	if (tls_complete_pending_work(sk, tls_ctx, flags, &timeo))
541	goto sendpage_end;
542
543	/* Call the sk_stream functions to manage the sndbuf mem. */
544	while (size > 0) {
545	size_t copy, required_size;
546
547	if (sk->sk_err) {
30be8f8d	548	ret = -sk->sk_err;
3c4d7559 DW	549	goto sendpage_end;
	550	}
	551
	552	full_record = false;
	553	record_room = TLS_MAX_PAYLOAD_SIZE - ctx->sg_plaintext_size;
	554	copy = size;
	555	if (copy >= record_room) {
	556	copy = record_room;
	557	full_record = true;
	558	}
	559	required_size = ctx->sg_plaintext_size + copy +
	560	tls_ctx->overhead_size;
	561
	562	if (!sk_stream_memory_free(sk))
	563	goto wait_for_sndbuf;
	564	alloc_payload:
	565	ret = alloc_encrypted_sg(sk, required_size);
	566	if (ret) {
	567	if (ret != -ENOSPC)
	568	goto wait_for_memory;
	569
	570	/* Adjust copy according to the amount that was
	571	* actually allocated. The difference is due
	572	* to max sg elements limit
	573	*/
	574	copy -= required_size - ctx->sg_plaintext_size;
	575	full_record = true;
	576	}
	577
	578	get_page(page);
	579	sg = ctx->sg_plaintext_data + ctx->sg_plaintext_num_elem;
	580	sg_set_page(sg, page, copy, offset);
7a8c4dd9 DW	581	sg_unmark_end(sg);
7a8c4dd9 DW	582
3c4d7559 DW	583	ctx->sg_plaintext_num_elem++;
	584
	585	sk_mem_charge(sk, copy);
	586	offset += copy;
	587	size -= copy;
	588	ctx->sg_plaintext_size += copy;
	589	tls_ctx->pending_open_record_frags = ctx->sg_plaintext_num_elem;
	590
	591	if (full_record \|\| eor \|\|
	592	ctx->sg_plaintext_num_elem ==
	593	ARRAY_SIZE(ctx->sg_plaintext_data)) {
	594	push_record:
	595	ret = tls_push_record(sk, flags, record_type);
	596	if (ret) {
	597	if (ret == -ENOMEM)
	598	goto wait_for_memory;
	599
	600	goto sendpage_end;
	601	}
	602	}
	603	continue;
	604	wait_for_sndbuf:
	605	set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
	606	wait_for_memory:
	607	ret = sk_stream_wait_memory(sk, &timeo);
	608	if (ret) {
	609	trim_both_sgl(sk, ctx->sg_plaintext_size);
	610	goto sendpage_end;
	611	}
	612
	613	if (tls_is_pending_closed_record(tls_ctx))
	614	goto push_record;
	615
	616	goto alloc_payload;
	617	}
	618
	619	sendpage_end:
	620	if (orig_size > size)
	621	ret = orig_size - size;
	622	else
	623	ret = sk_stream_error(sk, flags, ret);
	624
	625	release_sock(sk);
	626	return ret;
	627	}
	628
ff45d820	629	void tls_sw_free_tx_resources(struct sock *sk)
3c4d7559 DW	630	{
	631	struct tls_context *tls_ctx = tls_get_ctx(sk);
	632	struct tls_sw_context *ctx = tls_sw_ctx(tls_ctx);
	633
	634	if (ctx->aead_send)
	635	crypto_free_aead(ctx->aead_send);
	636
	637	tls_free_both_sg(sk);
	638
	639	kfree(ctx);
ff45d820	640	kfree(tls_ctx);
3c4d7559 DW	641	}
	642
	643	int tls_set_sw_offload(struct sock sk, struct tls_context ctx)
	644	{
	645	char keyval[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
	646	struct tls_crypto_info *crypto_info;
	647	struct tls12_crypto_info_aes_gcm_128 *gcm_128_info;
	648	struct tls_sw_context *sw_ctx;
	649	u16 nonce_size, tag_size, iv_size, rec_seq_size;
	650	char iv, rec_seq;
	651	int rc = 0;
	652
	653	if (!ctx) {
	654	rc = -EINVAL;
	655	goto out;
	656	}
	657
	658	if (ctx->priv_ctx) {
	659	rc = -EEXIST;
	660	goto out;
	661	}
	662
	663	sw_ctx = kzalloc(sizeof(*sw_ctx), GFP_KERNEL);
	664	if (!sw_ctx) {
	665	rc = -ENOMEM;
	666	goto out;
	667	}
	668
	669	ctx->priv_ctx = (struct tls_offload_context *)sw_ctx;
3c4d7559 DW	670
	671	crypto_info = &ctx->crypto_send;
	672	switch (crypto_info->cipher_type) {
	673	case TLS_CIPHER_AES_GCM_128: {
	674	nonce_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
	675	tag_size = TLS_CIPHER_AES_GCM_128_TAG_SIZE;
	676	iv_size = TLS_CIPHER_AES_GCM_128_IV_SIZE;
	677	iv = ((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->iv;
	678	rec_seq_size = TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE;
	679	rec_seq =
	680	((struct tls12_crypto_info_aes_gcm_128 *)crypto_info)->rec_seq;
	681	gcm_128_info =
	682	(struct tls12_crypto_info_aes_gcm_128 *)crypto_info;
	683	break;
	684	}
	685	default:
	686	rc = -EINVAL;
cf6d43ef	687	goto free_priv;
3c4d7559 DW	688	}
	689
	690	ctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
	691	ctx->tag_size = tag_size;
	692	ctx->overhead_size = ctx->prepend_size + ctx->tag_size;
	693	ctx->iv_size = iv_size;
cf6d43ef	694	ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL);
3c4d7559 DW	695	if (!ctx->iv) {
3c4d7559 DW	696	rc = -ENOMEM;
cf6d43ef	697	goto free_priv;
3c4d7559 DW	698	}
	699	memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
	700	memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
	701	ctx->rec_seq_size = rec_seq_size;
	702	ctx->rec_seq = kmalloc(rec_seq_size, GFP_KERNEL);
	703	if (!ctx->rec_seq) {
	704	rc = -ENOMEM;
	705	goto free_iv;
	706	}
	707	memcpy(ctx->rec_seq, rec_seq, rec_seq_size);
	708
	709	sg_init_table(sw_ctx->sg_encrypted_data,
	710	ARRAY_SIZE(sw_ctx->sg_encrypted_data));
	711	sg_init_table(sw_ctx->sg_plaintext_data,
	712	ARRAY_SIZE(sw_ctx->sg_plaintext_data));
	713
	714	sg_init_table(sw_ctx->sg_aead_in, 2);
	715	sg_set_buf(&sw_ctx->sg_aead_in[0], sw_ctx->aad_space,
	716	sizeof(sw_ctx->aad_space));
	717	sg_unmark_end(&sw_ctx->sg_aead_in[1]);
	718	sg_chain(sw_ctx->sg_aead_in, 2, sw_ctx->sg_plaintext_data);
	719	sg_init_table(sw_ctx->sg_aead_out, 2);
	720	sg_set_buf(&sw_ctx->sg_aead_out[0], sw_ctx->aad_space,
	721	sizeof(sw_ctx->aad_space));
	722	sg_unmark_end(&sw_ctx->sg_aead_out[1]);
	723	sg_chain(sw_ctx->sg_aead_out, 2, sw_ctx->sg_encrypted_data);
	724
	725	if (!sw_ctx->aead_send) {
	726	sw_ctx->aead_send = crypto_alloc_aead("gcm(aes)", 0, 0);
	727	if (IS_ERR(sw_ctx->aead_send)) {
	728	rc = PTR_ERR(sw_ctx->aead_send);
	729	sw_ctx->aead_send = NULL;
	730	goto free_rec_seq;
	731	}
	732	}
	733
	734	ctx->push_pending_record = tls_sw_push_pending_record;
	735
	736	memcpy(keyval, gcm_128_info->key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
	737
	738	rc = crypto_aead_setkey(sw_ctx->aead_send, keyval,
	739	TLS_CIPHER_AES_GCM_128_KEY_SIZE);
	740	if (rc)
	741	goto free_aead;
	742
	743	rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size);
	744	if (!rc)
cf6d43ef	745	return 0;
3c4d7559 DW	746
	747	free_aead:
	748	crypto_free_aead(sw_ctx->aead_send);
	749	sw_ctx->aead_send = NULL;
	750	free_rec_seq:
	751	kfree(ctx->rec_seq);
	752	ctx->rec_seq = NULL;
	753	free_iv:
	754	kfree(ctx->iv);
	755	ctx->iv = NULL;
cf6d43ef SD	756	free_priv:
	757	kfree(ctx->priv_ctx);
	758	ctx->priv_ctx = NULL;
3c4d7559 DW	759	out:
	760	return rc;
	761	}